
78 Pdfsam TCPIP Professional Reference Guide~Tqw~ Darksiderg


The Internet Protocol and Related Protocols

61

used server, one would want to include the host name because it would be easier to remember than a sequence of dotted decimal numbers.

The combination of host and domain is commonly referred to as a fully qualified domain name (FQDN). An FQDN means that the name is unique. In comparison, the host portion of the name (gil) could exist on many domains. Similarly, many computers could have a common domain name (fed.gov).

Returning to Exhibit 4.13, note that one can specify up to four DNS server addresses. In addition, one can specify one or more domain suffix search orders, where common domain suffixes include gov (government), com (commercial), edu (educational), mil (military), and org (nonprofit organization).

Exhibit 4.12 Configuring the Gateway Address under Windows 95/98

AU0824/Frame/ch4 Page 61 Saturday, November 11, 2000 11:51 AM


62 TCP/IP Professional Reference Guide

Reserved Addresses

It was previously noted that the address block 127.0.0.0 through 127.255.255.255 is used for loopback purposes and can thus be considered to represent a block of reserved addresses. When considering IPv4 addressing, there are three additional blocks of reserved addresses that warrant attention. Those address blocks are defined in RFC 1918, entitled Address Allocation for Private Internets, and are summarized in Exhibit 4.14.

Exhibit 4.13 Specifying the Address of the DNS Server and the Fully Qualified Name of the Host at the DNS Tab


The original intention of RFC 1918 addresses was to define blocks of IP addresses that organizations could use on private networks and that would be recognized as such. As the use of the Internet grew, obtaining public IP addresses became more difficult because the existing network addresses had already been assigned to other organizations. This resulted in a second role for RFC 1918 addresses under a process referred to as Network Address Translation (NAT). Under NAT, internal RFC 1918 addresses are dynamically translated to public IP addresses, reducing the number of public addresses an organization needs. For example, consider an organization with 500 stations that has only one Class C address. One possibility is to use RFC 1918 addresses behind a router connected to the Internet, with the router translating RFC 1918 addresses dynamically into available Class C addresses. Although no more than 254 RFC 1918 addresses could be translated into distinct Class C addresses at any point in time, it is also possible to use TCP and UDP port numbers to extend the translation so that every RFC 1918 address can be in use and translated simultaneously. To do so, the router maps each internal address and port to the Class C address and a different port number, permitting thousands of translations for each Class C address. This port-based form of translation is now usually called port address translation (PAT) or NAPT.

Another device that can provide address translation is a proxy firewall. In addition to translating addresses, a proxy firewall also hides internal addresses from the Internet community. This address hiding provides a degree of security because any hacker that attempts to attack a host on a network where a proxy firewall operates must first attack the firewall.
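The port-based translation described above, and the address hiding the proxy-firewall paragraph attributes to it, as an added worked example in Python (written for this edition; it is not code from the book). The public address 198.78.46.1, the inside hosts 10.1.1.x, the destination 192.0.2.10 and the port pool bounds are constructed for the example. Each outbound (address, port) pair is given its own translated port on the single public address; a reply is mapped back by that port; an inbound datagram with no mapping is dropped, which is what keeps inside addresses unreachable from the Internet; and the pool-exhaustion case is handled explicitly.

```python
"""Toy port-based NAT (NAPT) table: many RFC 1918 hosts share one public
address, distinguished by translated port. Added example, not from the book."""
import ipaddress
from dataclasses import dataclass

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class Datagram:
    """The header fields NAPT rewrites or keys on (payload omitted)."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class Napt:
    def __init__(self, public_ip, port_lo=1024, port_hi=65535):
        self.public_ip = public_ip            # assumed public address of the router
        # Translated ports are handed out lowest first; the pool size bounds how
        # many inside (address, port) pairs one public address can carry at once.
        self.free_ports = list(range(port_hi, port_lo - 1, -1))
        self.outbound_map = {}  # (proto, private ip, private port) -> public port
        self.inbound_map = {}   # (proto, public port) -> (private ip, private port)

    def outbound(self, d):
        """Rewrite a datagram leaving the private network; reuse an existing mapping."""
        if not any(ipaddress.ip_address(d.src_ip) in net for net in RFC1918):
            raise ValueError(f"{d.src_ip} is not an RFC 1918 source")
        key = (d.proto, d.src_ip, d.src_port)
        port = self.outbound_map.get(key)
        if port is None:
            if not self.free_ports:
                raise RuntimeError("translation port pool exhausted")
            port = self.free_ports.pop()
            self.outbound_map[key] = port
            self.inbound_map[(d.proto, port)] = (d.src_ip, d.src_port)
        return Datagram(self.public_ip, port, d.dst_ip, d.dst_port, d.proto)

    def inbound(self, d):
        """Reverse the translation for a reply. None means no mapping exists, so an
        unsolicited datagram from the Internet never reaches an inside host."""
        if d.dst_ip != self.public_ip:
            return None
        inside = self.inbound_map.get((d.proto, d.dst_port))
        if inside is None:
            return None
        return Datagram(d.src_ip, d.src_port, inside[0], inside[1], d.proto)


if __name__ == "__main__":
    nat = Napt("198.78.46.1")
    out = nat.outbound(Datagram("10.1.1.5", 40000, "192.0.2.10", 80))
    print("outbound rewritten to", out)
    print("reply mapped back to", nat.inbound(Datagram("192.0.2.10", 80, "198.78.46.1", out.src_port)))
    print("unsolicited inbound ->", nat.inbound(Datagram("192.0.2.10", 80, "198.78.46.1", 2000)))
```

The mapping key includes the protocol and the inside port, so two inside hosts using the same source port (as in the test below) still receive distinct public ports; a real implementation would also age mappings out, which this toy omits.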

Two additional items to note about RFC 1918 addresses are that they cannot be used directly on the Internet, and that they are a favorite source address for hackers. The reason RFC 1918 addresses cannot be used directly on the Internet is that if one company did so, a second could also do so, resulting in addressing conflicts and unreliable delivery of information. Thus, as discussed, RFC 1918 addresses are translated into public (Class A, B, or C) addresses when a private network using such addresses is connected to the Internet. Concerning hacker use, because routers forward on the destination address and do not, by default, check that a datagram's source address is plausible for the interface on which it arrived, it is quite common for an RFC 1918 address to be used as the source address by a hacker, making it difficult, if not impossible, to locate the hacker.

Exhibit 4.14 Reserved IP Addresses for Private Internet Use (RFC 1918)

Address Blocks
10.0.0.0–10.255.255.255
172.16.0.0–172.31.255.255
192.168.0.0–192.168.255.255

Because it is quite common for hackers to use an RFC 1918 address as their address when configuring a TCP/IP protocol stack, it is also quite common to create a router access list that filters datagrams that have an RFC 1918 source address. When network security is discussed in Chapter 9, also included will be the applicable access list statements to send datagrams with RFC 1918 source addresses to the great bit bucket in the sky.
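An added example (not the book's Chapter 9 statements, which are not on this page) of the filter just described: classify flow records by source address against the Exhibit 4.14 blocks plus the loopback block, denying only those that arrive on the Internet-facing interface, and emit the equivalent Cisco IOS-style extended access-list lines. The sample records, the interface names ext/int and the access-list number 101 are constructed for the example. One record uses 172.32.0.1, which lies just outside 172.16.0.0/12 and is a common mistake in hand-written filters.

```python
"""Ingress filter for datagrams arriving from the Internet with an RFC 1918 or
loopback source, plus the matching access-list text. Added example, not from
the book."""
import ipaddress

# Exhibit 4.14 blocks plus the loopback block mentioned under Reserved Addresses.
BOGON_SOURCES = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample records (not real logs): interface, source, destination, protocol.
# 172.32.0.1 is deliberately just outside 172.16.0.0/12 and must be permitted.
SAMPLE_RECORDS = """\
ext 10.45.2.7 198.78.46.10 tcp
ext 203.0.113.9 198.78.46.10 tcp
ext 172.31.254.1 198.78.46.12 udp
ext 172.32.0.1 198.78.46.12 udp
int 192.168.1.20 203.0.113.9 tcp
ext 127.0.0.1 198.78.46.10 icmp
"""


def is_bogon_source(ip):
    """True when the source lies in a block that can never be a valid Internet source."""
    address = ipaddress.ip_address(ip)
    return any(address in net for net in BOGON_SOURCES)


def filter_records(text, external_interface="ext"):
    """Split records into (permitted, denied). Only the Internet-facing interface
    is filtered: RFC 1918 sources are legitimate on the inside of the router."""
    permitted, denied = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        interface, src, dst, proto = line.split()
        record = (interface, src, dst, proto)
        if interface == external_interface and is_bogon_source(src):
            denied.append(record)
        else:
            permitted.append(record)
    return permitted, denied


def access_list(number=101):
    """Cisco IOS-style extended access-list lines for the same policy. The wildcard
    mask is the inverted network mask (the network's host mask). The list number
    is an assumption for the example."""
    lines = [f"access-list {number} deny ip {net.network_address} {net.hostmask} any"
             for net in BOGON_SOURCES]
    lines.append(f"access-list {number} permit ip any any")
    return lines


if __name__ == "__main__":
    permitted, denied = filter_records(SAMPLE_RECORDS)
    for record in denied:
        print("DENY  ", *record)
    for record in permitted:
        print("PERMIT", *record)
    print("\n".join(access_list()))
```

The generated list denies on source address only; applied inbound on the external interface it discards spoofed private-source datagrams while leaving the inside free to use RFC 1918 addressing, which is the split the chapter's filtering advice depends on.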

Subnetting

One of the problems associated with the use of IP addresses is the fact that, even with the use of classes, their use can be inefficient. For example, consider the use of a Class A network address. Although one can have up to 16,777,214 hosts per Class A network, one can only have 127 such networks. Thus, the assignment of a Class A network address to a large organization with 100,000 workstations would waste over 16 million IP addresses. Similarly, because a single LAN is incapable of supporting 100,000 workstations, one might consider asking for multiple network addresses, which would further waste the precious resource that is IPv4 address space. Another problem associated with using more network addresses than required is that routers must note those addresses. This means that the routers in a network, which could be the Internet or a private TCP/IP network, would have more entries in their routing tables. This, in turn, results in routers requiring a longer time to check the destination address in a datagram against the entries in each router's routing table. The solution to the problems of wasted IP address space and unnecessary routing table entries is provided through the process of subnetting.

Overview

Subnetting was standardized in RFC 950 in 1985. This RFC defines a procedure to subnet, or divide, a single Class A, B, or C network into two or more subnets. Through the process of subnetting, the two-level hierarchy of Class A, B, and C networks previously illustrated in Exhibit 4.6 is converted into a three-level hierarchy. Exhibit 4.15 provides a comparison between the two-level hierarchies initially defined for Class A, B, and C networks and the three-level subnet hierarchy. In examining the lower portion of Exhibit 4.15, note that to convert the two-level hierarchy into a three-level hierarchy, the network address is extended by taking away a portion of the host address portion of an IPv4 address.

Subnetting Example

As previously noted, any of the IPv4 A through C address classes can be subnetted. To illustrate the subnet process, as well as obtain an appreciation for how subnetting facilitates the use of IPv4 address space, one can examine the process by understanding the concept of masking and the use of the subnet mask, both of which are essential to the extension of the network portion of an IP address beyond its predefined location.


To illustrate the concept of subnetting, assume an organization has the need to install five LANs within a building, with each network supporting between 10 and 15 workstations and servers. Further assume that the organization was previously assigned the IP Class C network address 198.78.46.0. Although the organization could apply for four additional Class C addresses, doing so would waste precious IPv4 address space, because each Class C address supports a maximum of 254 interfaces. In addition, if one anticipates connecting the organization's private networks to the Internet, the four additional Class C network addresses would have to be carried in a number of routers in the Internet as well as in the organization's internal routers.

Instead of asking for four additional Class C addresses, one can use subnetting by dividing the host portion of the 198.78.46.0 IPv4 address into a subnet number and a host number. Because one needs to support five networks, one must use a minimum of three bits from the host portion of the IP address as the subnet number. The reason a minimum of three bits must be used is that the number of subnets one can obtain is 2^n, where n is the number of bits. When n = 2, this yields four subnets, which is too few. When n = 3, one obtains eight subnets, which provides enough subnets for this example.

Because a Class C address uses 24 bits for the network portion and eight bits for the host portion, the use of a three-bit subnet field extends the network address so that it becomes 27 bits in length. This also means that a maximum of five bits (8 – 3) can be used for the host portion of the address.

Exhibit 4.16 illustrates the creation of the three-level addressing scheme just described. Note that the three-bit subnet field permits eight subnets (000 through 111).

Exhibit 4.15 Comparing the Three-Level Subnet Hierarchy to the Two-Level Network Class Hierarchy

Exhibit 4.16 Creating a Class C Three-Level Addressing Scheme


To the outside world, the network portion of the address remains the same. This means that the route from the Internet to any subnet of a given IP network address remains the same. This also means that routers within an organization must be able to differentiate between different subnets; routers outside the organization, however, do not consider subnets.

To illustrate the creation of five subnets, assume one wants to commence subnet numbering at 0 and continue in sequence through subnet 4. Exhibit 4.17 illustrates the creation of five subnets from the 198.78.46.0 network address. Note that the top entry in Exhibit 4.17, which is labeled "Base Network," represents the Class C network address with the host address byte set to all zeros. Because it was previously determined that three bits from the host address portion would be required to function as a subnet identifier, the network address is shown extended into the host byte by three bit positions.

Host Restrictions

In examining the subnets formed in Exhibit 4.17, it would appear that the hosts on the first subnet can use fourth-byte values from 0 through 31, while the hosts on the second subnet can use values from 32 through 63, etc. In actuality, this is not correct because there are restrictions concerning host addresses on subnets. First, one cannot use a host field of all zeros (that value identifies the subnet itself) or of all ones (the subnet's broadcast address). Thus, for subnet 0 in Exhibit 4.17, valid host addresses would range from 1 to 30. Similarly, for subnet 1, valid addresses would range from 33 to 62. Thus, subnetted host address restrictions are the same as for a regular non-subnetted IP network.

Another host address restriction that requires consideration is the fact that, for all classes, one must have the ability to place some hosts on each subnet. Thus, as a minimum, the last two bit positions of the fourth byte of Class A, B, and C addresses cannot be used for the subnet field. Exhibit 4.18 illustrates the number of bits that are available for subnetting for Class A, B, and C network addresses.
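The subnet design worked through in the preceding pages (choosing how many host bits to borrow for a required number of subnets, deriving the mask, listing the subnet addresses as in Exhibit 4.17, and applying the host restrictions just described) as an added Python example; it is not code from the book. It generalizes the 198.78.46.0 case to any classful network and subnet count, refuses a plan that leaves fewer than two host bits, and can optionally drop the all-zeros and all-ones subnets as RFC 950 originally required.

```python
"""Subnet planner for a classful IPv4 network (RFC 950 style): borrow host bits,
derive the mask, and list each subnet with its usable host range.
Added example; the 198.78.46.0 figures match the chapter's worked case."""
import ipaddress


def dotted(value):
    return str(ipaddress.IPv4Address(value))


def dotted_binary(value):
    """Render a 32-bit value as dotted binary, the notation Exhibit 4.17 uses."""
    return ".".join(f"{(value >> shift) & 0xFF:08b}" for shift in (24, 16, 8, 0))


def plan_subnets(network, class_prefix, required, skip_zero_and_ones=False):
    """Plan `required` subnets of a classful network whose natural prefix is
    `class_prefix` bits (8 = Class A, 16 = Class B, 24 = Class C).

    Returns the subnet and host bit counts, the dotted mask and one record per
    subnet. With skip_zero_and_ones=True the all-zeros and all-ones subnets are
    omitted, the original RFC 950 convention (the 'zero subnet' question).
    """
    base = int(ipaddress.IPv4Address(network))
    if base & ((1 << (32 - class_prefix)) - 1):
        raise ValueError("host bits of the network address must be zero")
    # Smallest n with 2**n >= required (for example 5 subnets -> 3 bits, 8 subnets).
    subnet_bits = max(1, (required - 1).bit_length())
    host_bits = 32 - class_prefix - subnet_bits
    if host_bits < 2:
        # Fewer than two host bits leaves no usable host address on a subnet.
        raise ValueError(f"{required} subnets would leave only {host_bits} host bit(s)")
    prefix = class_prefix + subnet_bits
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    subnets = []
    for index in range(1 << subnet_bits):
        if skip_zero_and_ones and index in (0, (1 << subnet_bits) - 1):
            continue
        subnet = base | (index << host_bits)
        subnets.append({
            "index": index,
            "binary": dotted_binary(subnet),
            "address": dotted(subnet),                            # host field all zeros
            "first_host": dotted(subnet + 1),
            "last_host": dotted(subnet + (1 << host_bits) - 2),
            "broadcast": dotted(subnet + (1 << host_bits) - 1),   # host field all ones
        })
    return {"subnet_bits": subnet_bits, "host_bits": host_bits,
            "prefix": prefix, "mask": dotted(mask), "subnets": subnets}


if __name__ == "__main__":
    plan = plan_subnets("198.78.46.0", 24, 5)
    print(f"mask {plan['mask']} (/{plan['prefix']}), {plan['subnet_bits']} subnet bits")
    for s in plan["subnets"]:
        print(f"subnet #{s['index']}: {s['binary']} = {s['address']}  "
              f"hosts {s['first_host']}-{s['last_host']}")
```

Running it reproduces the Exhibit 4.17 rows (subnets 0 through 4 at 198.78.46.0, .32, .64, .96 and .128, plus the three unused subnets .160, .192 and .224) together with the 1 to 30 and 33 to 62 host ranges discussed under Host Restrictions.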

The Zero Subnet

Exhibit 4.17 Creating Extended Network Prefixes via Subnetting

Base Network: 11000110.01001110.00101110.00000000 = 198.78.46.0
Subnet #0:    11000110.01001110.00101110.00000000 = 198.78.46.0
Subnet #1:    11000110.01001110.00101110.00100000 = 198.78.46.32
Subnet #2:    11000110.01001110.00101110.01000000 = 198.78.46.64
Subnet #3:    11000110.01001110.00101110.01100000 = 198.78.46.96
Subnet #4:    11000110.01001110.00101110.10000000 = 198.78.46.128

Another item concerning subnetting that warrants attention is the fact that at one time the zero subnet was considered anathema by the Internet community, and its use was, and to a degree still is, discouraged. While this viewpoint has somewhat fallen from favor, it is important to note that some devices will not support the use of subnet zero and will not allow one to configure their interface address as being on a zero subnet. The reason for this restriction is that confusion can arise between a network and a subnet that have the same address. For example, assume network address 129.110.0.0 is subnetted with the mask 255.255.255.0. This would result in subnet zero being written as 129.110.0.0, which is the same as the network address.

When configuring TCP/IP devices, it is important to note that some devices that support a zero subnet must be explicitly configured to do so. For example, the most popular manufacturer of routers is Cisco Systems. Although all Cisco routers support the use of subnet zero, one must use the global configuration command ip subnet-zero to enable it (later IOS releases enable it by default). If one attempts to configure an interface on subnet zero without it, one will receive an "inconsistent network mask" error message.

Exhibit 4.18 Available Bit Positions for Subnet Formation

Internal Versus External Subnet Viewing

Returning to the subnetting example in which five subnets were created from one Class C network address, one can easily understand why subnetting saves routing table entries. This is illustrated in Exhibit 4.19, which depicts an internal intranet view of the use of subnets versus a view from the Internet for the prior example. In examining Exhibit 4.19, note that all five subnets appear as the IP network address 198.78.46.0 to routers on the Internet. This means that each such router needs knowledge of only one IP network address. The router connected to the Internet becomes responsible for examining each inbound datagram and determining the appropriate subnet to which the datagram should be routed. To do so, this router uses a subnet mask whose composition and use are discussed below. Prior to doing so, a few points concerning the use of the base network address of 198.78.46.0 are in order. First, to each router the destination address in each datagram appears as a 32-bit sequence. Thus, there is no knowledge of dotted decimal numbers except in the configuration of devices, because routing occurs by examination of the network portion of the address in each datagram. Second, each router begins its address examination by focusing on the first bit in the destination address to determine whether it is a Class A address. If the first bit is a binary 0, the router knows it is a Class A address and that the first byte of the 32-bit destination address represents the network address. Similarly, if the first bit is not a binary 0, the router examines the second bit to determine whether the address is a Class B address, and so on. Thus, a router can easily determine the address class of the destination address in a datagram, which in turn indicates the length of the network portion of the address. The router can then use this information to search its routing table to determine the appropriate port on which to output the datagram, all without having to consider whether or not the address represents a subnetted address.

Thus far, this chapter has discussed how to create a subnet and extend the network portion of an IPv4 address, but has not addressed the manner by which a router at the edge of the Internet knows how to route datagrams to their appropriate subnet. In addition, there is the question of how a station on an internal network can recognize subnet addressing. For example, if an IP datagram arrives at an organizational router with the destination address 198.78.46.38, how does the router know to place the datagram on subnet 1? The answer to these questions is the use of a subnet mask.

Exhibit 4.19 Internet versus Internal Network View of Subnets

Using the Subnet Mask

The subnet mask provides a mechanism that enables devices to determine the separation of an IPv4 address into its three-level hierarchy of network, subnet, and host addresses. To accomplish this task, the subnet mask consists of a run of bits set to 1 whose length equals the combined length of the network and subnet portions of the IPv4 address, followed by bits set to 0 for the host portion. That is, the subnet mask indicates the internal extended network address.

To illustrate the use of the subnet mask, again assume the network address to be 198.78.46.0. Further assume that one wants to create a subnet mask that can be used by a router or workstation to note that the range of permissible subnets is 0 to 7. Because this requires the use of three bits, the subnet mask becomes:

11111111.11111111.11111111.11100000

Similar to the manner in which IP addresses can be expressed more efficiently through the use of dotted decimal notation, one can also express subnet masks using that notation. Because each byte of all set bits has a decimal value of 255, the dotted decimal notation for the first three bytes of the subnet mask is 255.255.255. Because the first three bits of the fourth byte are set, its decimal value is 128 + 64 + 32, or 224. Thus, the dotted decimal specification for the subnet mask becomes:

255.255.255.224

Because a device can easily determine the address class of the destination address in a datagram, the subnet mask then informs the device of which bits in the address represent the subnet and, indirectly, which bits represent the host address on the subnet. To illustrate how this is accomplished, assume a datagram has arrived at a router with the destination IP address 198.78.46.97, and that the subnet mask was previously set to 255.255.255.224. The relationship between the IP address and the subnet mask would then appear as indicated in Exhibit 4.20.

Exhibit 4.20 Examining the Relationship between an IP Address and a Subnet Mask

Because the first bits in the destination address are 110, this indicates the address is a Class C address. The TCP/IP protocol stack knows that a Class C address consists of three bytes used for the network address and one byte used for the host address. Because the mask is 27 bits long, the subnet field must be 27 – 24, or three bits, in length. This tells the router or workstation that bits 25 through 27, which are set to 011 in the IP address, identify the subnet as subnet 3. Because the last five bits in the subnet mask are set to zero, those bit positions in the IP address identify the host on subnet 3. Because those five bits have the value 00001, the IP address 198.78.46.97 references host 1 on subnet 3 of the IPv4 network 198.78.46.0.

To assist readers who need to work with subnets, Exhibit 4.21 provides a reference to the number of subnets that can be created for Class B and Class C networks, their subnet mask, the number of hosts per subnet, and the total number of hosts supported by a particular subnet mask. In examining the entries in Exhibit 4.21, one notes that the total number of hosts can vary considerably, based on the use of different length subnet extensions. Thus, one should carefully consider the effect of a potential subnetting process prior to actually performing it.

Exhibit 4.21 Class B and Class C Subnet Mask Reference

Number of    Subnet           Number of     Hosts/   Total Number
Subnet Bits  Mask             Subnetworks   Subnet   of Hosts

Class B
 1           —                —             —        —
 2           255.255.192.0    2             16382    32764
 3           255.255.224.0    6             8190     49140
 4           255.255.240.0    14            4094     57316
 5           255.255.248.0    30            2046     61380
 6           255.255.252.0    62            1022     63364
 7           255.255.254.0    126           510      64260
 8           255.255.255.0    254           254      64516
 9           255.255.255.128  510           126      64260
10           255.255.255.192  1022          62       63364
11           255.255.255.224  2046          30       61380
12           255.255.255.240  4094          14       57316
13           255.255.255.248  8190          6        49140
14           255.255.255.252  16382         2        32764
15           —                —             —        —
16           —                —             —        —

Class C
 1           —                —             —        —
 2           255.255.255.192  2             62       124
 3           255.255.255.224  6             30       180
 4           255.255.255.240  14            14       196
 5           255.255.255.248  30            6        180
 6           255.255.255.252  62            2        124
 7           —                —             —        —
 8           —                —             —        —

Note: the subnetwork counts in Exhibit 4.21 follow the RFC 950 convention of discarding the all-zeros and all-ones subnets, giving 2^n – 2 subnets for n subnet bits. On devices that permit subnet zero (see The Zero Subnet), all 2^n subnets are usable, and the rows with dashes for one subnet bit become two usable subnets.
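An added Python example (not from the book) that performs what the discussion from Using the Subnet Mask onward describes in words and what Exhibit 4.21 tabulates: it decodes a destination address against a subnet mask into address class, subnet number and host number the way the chapter says a router does it (class from the leading bits, then the mask), rejects a mask whose 1 bits are not contiguous, and computes any row of Exhibit 4.21 from the bit counts, with the subnet-zero variant as an option. The addresses used in the test are the chapter's own (198.78.46.97 and 198.78.46.38 with mask 255.255.255.224).

```python
"""Decode a destination address against a subnet mask as the chapter describes a
router doing it, and compute the Exhibit 4.21 rows. Added example, not from the
book."""
import ipaddress


def address_class(value):
    """Return (class letter, natural prefix length) from the leading bits:
    0 -> Class A, 10 -> Class B, 110 -> Class C."""
    if value >> 31 == 0b0:
        return "A", 8
    if value >> 30 == 0b10:
        return "B", 16
    if value >> 29 == 0b110:
        return "C", 24
    raise ValueError("not a Class A, B or C unicast address")


def prefix_length(mask):
    """Length of the run of 1 bits; rejects a mask whose 1s are not contiguous
    (a mistyped mask such as 255.255.255.244 fails here)."""
    inverted = ~mask & 0xFFFFFFFF
    if inverted & (inverted + 1):
        raise ValueError("subnet mask is not a contiguous run of 1 bits")
    return 32 - inverted.bit_length()


def decode(address, mask):
    """Split an address into network, subnet number and host number under `mask`."""
    a = int(ipaddress.IPv4Address(address))
    m = int(ipaddress.IPv4Address(mask))
    cls, class_prefix = address_class(a)
    prefix = prefix_length(m)
    subnet_bits = prefix - class_prefix
    if subnet_bits < 0:
        raise ValueError("mask is shorter than the class's natural prefix")
    host_bits = 32 - prefix
    network_mask = (0xFFFFFFFF << (32 - class_prefix)) & 0xFFFFFFFF
    return {
        "class": cls,
        "network": str(ipaddress.IPv4Address(a & network_mask)),
        "subnet_bits": subnet_bits,
        "subnet": (a & m & ~network_mask) >> host_bits,   # the borrowed bits only
        "subnet_address": str(ipaddress.IPv4Address(a & m)),
        "host": a & ~m & 0xFFFFFFFF,                       # the bits the mask leaves 0
    }


def capacity(class_prefix, subnet_bits, subnet_zero=False):
    """One row of Exhibit 4.21: (subnetworks, hosts per subnet, total hosts), or
    None where the exhibit shows dashes. The exhibit discards the all-zeros and
    all-ones subnets; subnet_zero=True keeps both."""
    host_bits = 32 - class_prefix - subnet_bits
    if subnet_bits < 1 or host_bits < 2:
        return None
    subnets = (1 << subnet_bits) - (0 if subnet_zero else 2)
    if subnets < 1:
        return None
    hosts = (1 << host_bits) - 2
    return subnets, hosts, subnets * hosts


if __name__ == "__main__":
    print(decode("198.78.46.97", "255.255.255.224"))
    for n in range(1, 9):
        print(f"Class C, {n} subnet bits:", capacity(24, n))
```

The host field is recovered with the inverted mask and the subnet field from the bits the mask sets beyond the class's natural prefix, so the same function handles a Class A or B address with any contiguous mask, not just the /27 case on the page.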


Multiple Interface Addresses

One of the lesser-known aspects of IP addressing is the fact that it is possible to assign multiple logical network addresses to one physical network. Prior to examining how this occurs, one will probably want to understand the rationale for doing so. Thus, assume an organization originally operated a 10BASE-5 network with 100 users and wants to construct a distributed network within a building that will consist of 350 workstations and servers. Further assume that the organization's previously installed 10BASE-5 coaxial-based backbone will be used by adding 10BASE-T hubs to the backbone, with a single router providing a connection to the Internet.

If the organization previously obtained a Class C address when it operated a 10BASE-5 network, adding 250 stations means that a second router interface and two networks would be required, because each Class C address supports a maximum of 254 hosts.

TCP/IP supports the ability to assign multiple network addresses to a common interface. In fact, TCP/IP also supports the assignment of multiple subnet numbers to a common interface. This can only be accomplished through the use of a router. Exhibit 4.22 illustrates an example in which three network addresses were assigned to one interface. For low volumes of network traffic, this represents an interesting technique to reduce the number of costly router interfaces required.

As indicated in Exhibit 4.22, the router connection to the coaxial cable would result in the assignment of two IP addresses to its interface, one for each network. In this example, the addresses 205.131.175.1 and 205.131.176.1 were assigned to the router interface. Conversations between devices on the

Exhibit 4.22 Assigning Multiple Network Addresses to a Common Router Interface
